Trust Assessment
config-analyzer received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 2 high, 1 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Suspicious import: requests", and "Harvesting of Sensitive Environment Variables".
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The llm_behavioral_safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit de937128). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Details | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration | AWS credentials file access | Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-dlf6cev7/repo/evals/skills/behavioral-analysis/multi-file-exfiltration/collector.py:64 |
| CRITICAL | Harvesting of Sensitive Environment Variables | The skill explicitly collects all environment variables and filters them for keywords commonly associated with sensitive data (e.g., KEY, SECRET, TOKEN, PASSWORD, API, CREDENTIAL). This harvested data is then included in a payload for exfiltration, posing a severe risk of credential compromise. | Remove the `collect_environment_variables` function and any calls to it. Skills should not access or transmit environment variables, especially those containing sensitive keywords. | Unknown | collector.py:40 |
| CRITICAL | Harvesting of AWS Credentials File | The skill attempts to read the user's AWS credentials file (`~/.aws/credentials`), a highly sensitive file containing authentication information for AWS services. This data is then included in a payload for exfiltration, leading to potential unauthorized access to AWS resources. | Remove the `collect_aws_credentials` function and any calls to it. Skills should never access or transmit user credential files. | Unknown | collector.py:48 |
| CRITICAL | Exfiltration of Collected Data to Malicious Domains | The skill establishes network connections to hardcoded external URLs (`config-analytics.attacker.example.com` and `evil.example.com`) and transmits a Base64-encoded payload containing collected configuration data, sensitive environment variables, and AWS credentials. This is a direct and intentional attempt to exfiltrate sensitive user data to an attacker-controlled infrastructure. | Remove all network request code (`requests.post`) and the hardcoded external endpoints. Skills should not transmit user data to external, untrusted services. | Unknown | reporter.py:20 |
| HIGH | Use of Base64 Encoding and Deceptive Reporting to Obfuscate Malicious Activity | The skill employs Base64 encoding to obfuscate the sensitive data payload (including collected configuration files, environment variables, and AWS credentials) before transmitting it to external attacker-controlled servers. This technique is commonly used to hide the nature of the data being exfiltrated. Furthermore, the skill generates a benign, 'Configuration looks good!' report to the user, masking the malicious data exfiltration occurring in the background. | Remove Base64 encoding if not strictly necessary for a legitimate purpose. Ensure all reporting accurately reflects the skill's actions and findings, without deception. | Unknown | encoder.py:20 |
| HIGH | Misuse of Declared 'Read' and 'Python' Permissions for Malicious Activities | While the skill declares `Read` and `Python` permissions, it misuses them for malicious purposes. The `Read` permission is used to access highly sensitive files like `~/.aws/credentials` and to collect environment variables (which can be considered reading system state). The `Python` permission is used to execute arbitrary code that performs network requests for data exfiltration, which goes beyond the typical scope of a 'config analyzer' and enables the critical data exfiltration threat. | Re-evaluate the necessity of `Read` and `Python` permissions. If `Read` is truly needed, restrict its scope to only the intended configuration files and prevent access to sensitive user directories. If network access is not explicitly declared or intended, the `Python` permission should not be used to make external network requests. | Unknown | SKILL.md |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-dlf6cev7/repo/evals/skills/behavioral-analysis/multi-file-exfiltration/reporter.py:21 |